Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 119
An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?
Answer options
- A. Enable traffic analysis in the Cisco FTD.
- B. Implement pre-filter policies for the CIP preprocessor.
- C. Configure intrusion rules for the DNP3 preprocessor.
- D. Modify the access control policy to trust the industrial traffic.
Correct answer: C
Explanation
The correct answer is C because configuring intrusion rules for the DNP3 preprocessor specifically addresses the need to analyze protocol fields and detect anomalies in DNP3 traffic, which is critical for industrial systems. Option A is incorrect because enabling traffic analysis alone does not enforce specific rules for anomaly detection. Option B relates to the CIP preprocessor, which is not the focus here, and Option D only involves trust settings, without active anomaly detection.